McAfee UTILITIES 4.0 Podręcznik Użytkownika Strona 25
- Strona / 112
- Spis treści
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
Host intrusion prevention signatures
Host IPS protection resides on individual systems such as servers, workstations or laptop. The
Host Intrusion Prevention client inspects traffic flowing into or out of a system and examines
the behavior of the applications and operating system for attacks. When an attack is detected,
the client can block it at the network segment connection, or can issue commands to stop the
behavior initiated by the attack. For example, buffer overflow is prevented by blocking malicious
programs inserted into the address space exploited by an attack. Installation of back door
programs with applications like Internet Explorer is blocked by intercepting and denying the
application’s “write file” command.
Benefits of host IPS
• Protects against an attack and the results of an attack, such as preventing a program from
writing a file.
• Protects laptops when they are outside the protected network.
• Protects against local attacks introduced by CDs or USB devices. These attacks often focus
on escalating the user’s privileges to “root” or “administrator” to compromise other systems
in the network.
• Provides a last line of defense against attacks that have evaded other security tools.
• Prevents internal attack or misuse of devices located on the same network segment.
• Protects against attacks where the encrypted data stream terminates at the system being
protected by examining the decrypted data and behavior.
• Independent of network architecture; protects systems on obsolete or unusual network
architectures such as Token Ring or FDDI.
Network intrusion prevention signatures
Network IPS protection also resides on individual systems. All data that flows between the
protected system and the rest of the network is examined for an attack. When an attack is
identified, the offending data is discarded or blocked from passing through the system.
Benefits of network IPS
• Protects systems located downstream in a network segment.
• Protects servers and the systems that connect to them.
• Protects against network denial-of-service attacks and bandwidth-oriented attacks that deny
or degrade network traffic.
Behavioral rules
Behavioral rules define legitimate activity. Activity not matching the rules is considered suspicious
and triggers a response. For example, a behavioral rule might state that only a web server
process should access HTML files. If any other process attempts to access HTML files, action
is taken. These rules provide protection against zero-day and buffer overflow attacks.
Behavioral rules define a profile of legitimate activity. Activity that does not match the profile
triggers an event. For example, you can set a rule stating that only a web server process should
access web files. If another process attempts to access a web file, this behavioral rule triggers
an event.
Configuring IPS Policies
Overview of IPS policies
25McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
- Product Guide 1
- Basic protection 8
- Advanced protection 8
- IPS policies 8
- Firewall policies 8
- Policy management 9
- Policy tracking and tuning 10
- Preset protection 11
- Adaptive and learn mode 11
- Dashboards and queries 12
- Managing Your Protection 13
- Management of policies 16
- Where to find policies 17
- Configuring polices 18
- Automatic tuning with clients 19
- Management of systems 20
- Host IPS server tasks 21
- Host IPS protection updates 22
- Checking in update packages 23
- Updating clients with content 23
- Configuring IPS Policies 24
- Behavioral rules 25
- Reactions 26
- Exception rules 26
- Working with IPS signatures 30
- Creating signatures 33
- Creating exception rules 39
- Working with IPS events 40
- Managing IPS events 41
- Managing IPS client rules 43
- Configuring Firewall Policies 45
- Stateful packet filtering 46
- Stateful packet inspection 46
- State table 47
- State table functionality 47
- How firewall rules work 47
- How stateful filtering works 48
- Stateful protocol tracking 49
- Overview of Firewall policies 51
- Firewall client rules 55
- Quarantine policies and rules 55
- 4 Click Save to save changes 60
- Creating firewall rule groups 61
- Configuring General Policies 76
- Unlocking the Windows client 78
- Working with Host Intrusion 81
- Prevention Clients 81
- Creating 85
- System tray icon 86
- Setting client UI options 87
- Client error reporting 88
- Windows client alerts 90
- Responding to Firewall alerts 91
- About the IPS Policy tab 93
- About the Firewall Policy tab 94
- About the Blocked Hosts tab 96
- About the Activity Log tab 98
- Solaris client issues 100
- Client installation issues 100
- Client operations issues 100
- Stopping the Solaris client 101
- Overview of the Linux client 102
- Notes about the Linux client 103
- Linux client issues 103
- Stopping the Linux client 105
- Restarting the Linux client 105
- (continued) 107
Powiązane produkty i podręczniki dla Oprogramowanie McAfee UTILITIES 4.0
(13 strony)© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.050 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji